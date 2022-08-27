LastPass CEO Karim Toubba says no personal data or encrypted passwords were compromised.

The corporation wouldn’t say how long the incident went undetected.

It’s the latest mishap for LastPass, which angered many customers by making its free tier less functional in 2021.

Earlier this week, LastPass began warning users of a “recent security incident” in which an “unauthorised person” accessed its password manager’s source code and “some proprietary LastPass technical information.” In a letter to users, CEO Karim Toubba said no personal data or encrypted passwords were obtained.

Toubba said the corporation “implemented additional enhanced security measures” after containing the two-week-old intrusion. The corporation wouldn’t say how long the incident went undetected.

LastPass users don’t need to change their master password or perform a security audit, the company said. LastPass may have to make adjustments after an unauthorised person accessed its source code.

Having a program’s source code doesn’t mean hackers can immediately pwn it, breaking its protections. Microsoft famously asserts that people reading its source code shouldn’t be a security problem.

Even if the breach doesn’t seem to indicate security issues within the organisation, it’s not a good picture for a password manager with a poor reputation. It’s the latest mishap for LastPass, and the business also angered many customers by making its free tier less functional in early 2021.

